Can we identify NAT behavior by analyzing Traffic Flows?

Cited by: 14
Authors
Gokcen, Yasemin [1]
Foroushani, Vahid Aghaei [1]
Zincir-Heywood, A. Nur [1]
Affiliations
[1] Dalhousie Univ, Fac Comp Sci, Halifax, NS, Canada
Source
2014 IEEE SECURITY AND PRIVACY WORKSHOPS (SPW 2014) | 2014
Keywords
Network address translation classification; traffic flows; traffic analysis; machine learning;
DOI
10.1109/SPW.2014.28
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
It is shown in the literature that network address translation devices have become a convenient way to hide the source of malicious behaviors. In this research, we explore how far we can push a machine learning (ML) approach to identify such behaviors using only network flows. We evaluate our proposed approach on different traffic data sets against passive fingerprinting approaches and show that the performance of a machine learning approach is very promising even without using any payload (application layer) information.
Pages: 132 / 139
Number of pages: 8